Information disclosure in Citrix XenMobile Server - CVE-2017-9231


Published: June 23, 2017


Vulnerability identifier: #VU7191
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-9231
CWE-ID: CWE-611
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Citrix
Affected software:
Citrix XenMobile Server

Detailed vulnerability description

The vulnerability allows a remote attacker to perform an XML External Entity (XXE) attack.

The vulnerability exists because user-supplied XML is parsed without sufficient validation, so external entity references in the document are resolved. A remote attacker can submit XML containing a specially crafted external entity declaration to read arbitrary files with the privileges of the target service.

Successful exploitation of the vulnerability results in information disclosure.
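The page does not name the XML library XenMobile uses, so the following added example (not Citrix's code) uses Python's standard xml.sax parser to illustrate the CWE-611 behaviour class in general terms. One constructed document is parsed twice: once with external general entities enabled, where the element text becomes the contents of a local file the example itself created, and once with a hardened configuration that never fetches external entities and aborts on any DOCTYPE. The temporary file, its "constructed-secret-0001" content and the class and function names are all constructed for this illustration.

```python
"""External entity handling in Python's xml.sax parser: a permissive
configuration beside a hardened one that refuses any DTD."""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import (ContentHandler, feature_external_ges,
                             property_lexical_handler)


class DtdNotAllowed(Exception):
    """Raised when a document carries a DOCTYPE (where entity declarations live)."""


class TextCollector(ContentHandler):
    """Accumulates character data so we can see what an entity expanded to."""
    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)

    @property
    def text(self):
        return "".join(self.chunks)


class RejectDtd:
    """Lexical handler whose only job is to abort parsing at the DOCTYPE."""
    def comment(self, content):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass

    def startDTD(self, name, public_id, system_id):
        raise DtdNotAllowed(f"DOCTYPE '{name}' rejected: DTDs are not accepted")

    def endDTD(self):
        pass


def build_document(secret_path: str) -> bytes:
    """Constructed sample input: an internal DTD declares an external general
    entity backed by a local file and references it in element content."""
    doc = (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE data [\n'
        f'  <!ENTITY ext SYSTEM "{secret_path}">\n'
        ']>\n'
        '<data>&ext;</data>\n'
    )
    return doc.encode("utf-8")


def parse_permissive(document: bytes) -> str:
    """Weak setting: the parser follows external general entities, so the
    element text becomes the referenced file's contents."""
    collector = TextCollector()
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, True)
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(document))
    return collector.text


def parse_hardened(document: bytes) -> str:
    """Corrected setting: external entities are never fetched, and any
    DOCTYPE aborts the parse before the document body is processed."""
    collector = TextCollector()
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, False)
    parser.setProperty(property_lexical_handler, RejectDtd())
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(document))
    return collector.text


def demo() -> dict:
    """Run both parsers over the same constructed document and report results."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write("constructed-secret-0001")  # stands in for a file the service can read
        secret_path = fh.name
    try:
        document = build_document(secret_path)
        leaked = parse_permissive(document)
        try:
            parse_hardened(document)
            hardened = "parsed"
        except DtdNotAllowed as exc:
            hardened = f"rejected: {exc}"
    finally:
        os.unlink(secret_path)
    return {"permissive": leaked, "hardened": hardened}


if __name__ == "__main__":
    print(demo())
```

Since Python 3.7.1 the `feature_external_ges` feature is off by default, which is why the permissive path has to enable it explicitly; the hardened path goes one step further and refuses the DOCTYPE itself, so entity declarations (internal or external) never reach the parser at all.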

How to mitigate CVE-2017-9231

Update to version 10.5 RP3.
